Cybozu Office Authentication Bypass Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with Cybozu Office and is prone to authentication bypass vulnerability.

Impact

Successful exploitation will allow remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the 'user&qts' cell phone. Impact Level: Application.

Solution

Cybozu Office 8 (8.1.0.1) For updates refer to http://products.cybozu.co.jp/office

Insight

The flaw exists due to insufficient checks being performed when accessing the 'login' interface.

Affected

Cybozu Office version before 8 (8.1.0.1)

References

http://jvn.jp/en/jp/JVN87730223/index.html
http://secunia.com/advisories/39508
http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html
http://xforce.iss.net/xforce/xfdb/57976

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2029

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Arris DOCSIS Password Disclosure
Apple Mac OS X Denial of Service Vulnerability
Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)
Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)

Take action and discover your vulnerabilities